Deploy NixNG-built dnsmasq container image

modules/k3s/default.nix

@@ -1,4 +1,4 @@
-{ self, inputs, pkgs, lib, config, ... }:
+{ self, inputs, pkgs, lib, config, globals, ... }:
 let
   cfg = config.lab.k3s;
 in
@@ -165,6 +165,31 @@ in
         '';
       };
 
+      nixng = lib.mkIf (cfg.role == "server")
+        (
+          let
+            dnsmasqStream = (import ./dnsmasq.nix {
+              inherit (inputs) nixpkgs nixng;
+              inherit (inputs.nixng) nglib;
+              inherit (self) globals;
+            }).config.system.build.ociImage.stream;
+
+            dnsmasqImage = pkgs.stdenv.mkDerivation {
+              name = "dnsmasq.tar";
+              src = dnsmasqStream;
+              dontUnpack = true;
+              buildPhase = ''
+                $src > $out
+              '';
+            };
+          in
+          {
+            text = ''
+              ln -sf ${dnsmasqImage} /root/dnsmasq.tar
+            '';
+          }
+        );
+
       docker-images.text =
         let
           imageDefs = import "${self}/container-images.nix";

modules/k3s/dnsmasq.nix

@@ -0,0 +1,41 @@
+{ globals, nixpkgs, nglib, ... }:
+nglib.makeSystem {
+  inherit nixpkgs;
+  system = "x86_64-linux";
+  name = "nixng-dnsmasq";
+
+  config = { ... }: {
+    dumb-init = {
+      enable = true;
+      type.services = { };
+    };
+
+    init.services.dnsmasq = {
+      shutdownOnExit = true;
+    };
+
+    services.dnsmasq = {
+      enable = true;
+
+      settings = {
+        address = [
+          "/kms.kun.is/${globals.kmsIPv4}"
+          "/ssh.git.kun.is/${globals.gitIPv4}"
+        ];
+
+        alias = "${globals.routerPublicIPv4},${globals.traefikIPv4}";
+        expand-hosts = true;
+        local = "/dmz/";
+        log-queries = true;
+        no-hosts = true;
+        no-resolv = true;
+        port = 53;
+
+        server = [
+          "192.168.30.1"
+          "/kun.is/${globals.bind9IPv4}"
+        ];
+      };
+    };
+  };
+}